Exim - Using ACLs to verify RCPT TO

Wed Dec 31 04:54:08 GMT 2003

We're running MailScanner on several load-balanced inbound SMTP / MX
handling machines running exim 4.x as the MTA.  These machines do a MySQL
lookup to verify the "allowed relay" domains for each message, and then we
use an SMTP "smart route" to send all scanned mail to the final destination
mail server (which is also determined by a SQL lookup).

The problem with this approach is that we cannot generate "550 user
unknown" errors during the SMTP negotiation phase because the MailScanner
boxes don't have any local accounts, so they don't know if the address
exists or not.  This results in the "accept and bounce" behavior for
non-existent mailboxes, which then results in a *large* number of bounce
messages being sent to hotmail, yahoo, msn and others due to spammers
forging the From: address (which then results in them tarpitting our SMTP

So, what I would like exim to do is to be able to do an LDAP or SQL lookup
during the SMTP negotiation phase (following the RCPT TO) to determine if
the recipient address is valid or not.  Based on my research, using exim
4.x's ACL facility seems to be the best approach, but I'm a little unclear
on the proper syntax as the manual does not give any examples.

Any pointers would be much appreciated.

Mike Bacher / mike at sparklogic.com
SparkLogic Development / ISP Consulting
Use OptiGold ISP? Check out OptiSkin!
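
An Exim 4 configuration sketch of the RCPT-time check asked about above, added here as an example and not part of the original post. The database name, credentials, table names (relay_domains, mailboxes) and column names are assumptions; substitute the schema your relay hosts already query.

```exim
# --- main configuration section ---

# Assumed placeholder connection details: host/database/user/password
hide mysql_servers = localhost/maildb/exim/CHANGE_ME

# Domains we relay for. Stands in for the existing "allowed relay" lookup;
# the relay_domains table and its domain column are assumed names.
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM relay_domains \
                                WHERE domain='${quote_mysql:$domain}'}}

# Run this ACL for every RCPT TO command
acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Reject at SMTP time when the domain is one we relay for but the
  # address is not in the (assumed) mailboxes table. The lookup yields
  # "yes" when a row is found and "no" otherwise; quote_mysql escapes the
  # sender-supplied address before it is placed in the query.
  # A deny verb answers with a 550 response by default.
  deny    message    = user unknown
          domains    = +relay_to_domains
          !condition = ${lookup mysql{SELECT 1 FROM mailboxes \
                         WHERE address='${quote_mysql:$local_part@$domain}' \
                         LIMIT 1}{yes}{no}}

  # Known recipient in a relayed domain: accept for scanning and onward
  # delivery through the smart route.
  accept  domains    = +relay_to_domains

  # Everything else is not ours to relay.
  deny    message    = relay not permitted
```

Because the rejection happens in the SMTP dialogue, the sending server keeps responsibility for the failed message and no bounce is generated to the forged sender address. Where the scanning hosts have no address table to query, Exim's `verify = recipient/callout` condition asks the destination server during RCPT instead.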
